Microsoft has offered users tips on how to avoid falling
victim to a critical bug in its Excel spreadsheet
software.
But the company has yet to issue a fix for the vulnerability,
which has to do with the way that Excel uses computers’ memory. The
company said an update is on the way for the bug that Microsoft
found out about when hackers launched an attack against one of its
customers using the vulnerability, which occurs in numerous
versions of the spreadsheet software, including Excel 2000, Excel
2002 and Excel 2003.
The flaw could be exploited to run unauthorised software on a
Windows PC, but for this to happen attackers would first need to
either trick an Excel user into visiting a malicious website or to
open a malicious Excel attachment.
Advanced Windows users can block the vulnerability by editing
their registry settings or by setting up their email gateway to
block Excel attachments. An alternative solution is to cut down on
the risk by avoiding Excel documents sent from untrusted
sources.
The bug is the latest in a plague of security headaches for
Microsoft, including the issuing of a series of security updates in
June that included 12 patches, and coping with a hack attack that
shut down part of the company's French website and taking advantage
of a misconfigured server at the software vendor's web hosting
provider.
It’s not been a good few weeks for Microsoft on the security
front, after a relatively quiet
beginning of the year. It seems the harder it tries, the more
sophisticated and professional the attacks. And that’s before Vista
arrives!